cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Strategy for SSO connections using .NET Connector

Former Member

on ‎03-20-2007 3:12 PM

0 Kudos

We are using EP6 as our authentication mechanism.

I want my ASP.NET app to utilize SSO via the MYSAPSSO2 ticket I obtain from the portal.

This ASP.NET program will be called from <b>outside</b> the portal enironment.

The challenge I face is exactly how to provide this ticket to the connector.

One solution has been to create an iview in the portal that points to my application. Then, in the web pages that are outside the portal, I create a link to the iview. When the link to the iview is made, it redirect to the portal login page which authenticates the user and the iview then redirects to my ASP.NET.

From there I can pass the ticket to the connector and gains access to all the resource I need.

This strategy seems a little clumsy and I am wondering and I am wondering if someone can suggest a better way ... one that <b>doesn't</b> invole an iview.

Thx

-Sheldon

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎03-20-2007 5:45 PM
0 Kudos

Hi Sheldon,

you will also find also valuable information in the following SDN document

<a href="http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/edb8a190-0201-0010-d398-c23e34f30295">Enabling Single Sign-On for ASP.NET Applications in Enterprise Portal 6</a>

+...

You only need to UrlDecode the cookie string:

SAP.Connector.Destination dest = new SAP.Connector.Destination();

// set other properties here

dest.MySAP_SSO2 = HttpUtility.UrlDecode(this.Request.Cookies["MYSAPSSO2"].Value);

....+

Best regards,

André

Show replies
Show replies
Former Member
‎03-20-2007 5:56 PM
0 Kudos

Thanks André!

I'm just going through your blog now and will be working on a test app.

I am currently using the UrlDecode method you suggested ... but in order to get the cookie in the first place I am having authenticate by linking to a containing iview .... I'm hoping that the information contained in your blog will allow me to elimiate this iview and obtain the ticket through more direct means ... then use Urldecode to pass the ticket to the .NET connector.

Hopefully this makes sense

Thanks again. I'll let you know how it goes.!

-Sheldon

Former Member
‎03-20-2007 6:34 PM
0 Kudos

One thing that differs in my scenario from your white paper, is that I wont be using windows integrated security ... hense no kerberos

The user will be anonymous, browsing our external web site. They will then click on a link for a web app. This asp.net application needs to know two things

a) the identity of the user

b) the SSO ticket to communication with our SAP CRM system to obtain more information on the user.

Escentially I just want to use the portal as an authentication and ticket issuing service ... I don't actually want to run the application inside the portal (hense my desire to eliminate the containing iview that the ASP.NET app runs in)

If necessary, I can run the app in an iview, it was just an extra level of redirection that I was trying to avoid if possible.

-Sheldon

Former Member
‎09-17-2007 7:33 PM
0 Kudos

Hello Andre,

I need the following article, but I receive the message "404 - The requested resource is not available."

http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ep/_d-f/enabling%20...

The applications that use SSO are with access problems, and the article above will solve the problem.

You have the procedure of this article? You can send it for my email? farias.carlo@gmail.com.

Tks.

Carlo Farias

Strategic Outsourcing - IBM Brasil

Former Member
‎10-03-2007 12:47 AM
0 Kudos

Hi Sheldon,

SAP is going to pass the cookie MYSAPSS02 in the http header when it calls your ASP.NET application as long as it is on the same sub domain as your portal.

But if the user logs on to your Portal as Anonymous User , even with the SAP logon ticket, your CRM server is going to reject the user and a logon will pop-up.

But if the user logs on to your Portal with valid Userid and Password and if you have already established trust between CRM and EP then you don't have to do anything - you can just read the header and grab the cookie and decode it to get the user id.

Thanks

Venkat

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎03-20-2007 4:15 PM
0 Kudos

Hi Sheldon,

you might use the approach that I have described in my blog .

Instead of passing the Cookie Container you might retrieve the SSO22 Ticket from it and use it with NCo.

Best regards,

André

Show replies
Show replies
Ask a Question